Nacogdoches Memorial Breach Affects 257k: SSNs and Medical Info Exposed

Nacogdoches Memorial Hospital, a governmental hospital district in Nacogdoches, Texas, disclosed a data breach resulting from a cyber-attack that affected approximately 257,073 individuals in the United States, including five Maine residents.

Nacogdoches Memorial Hospital discovered the breach on Jan. 31, 2026, and began notifying consumers on March 31, 2026.

The breach was disclosed to the Maine Attorney General. The hospital also posted a substitute notice on its website with additional details about the incident and recommendations for protecting personal information.

What happened in the Nacogdoches Memorial Hospital data breach

Nacogdoches Memorial Hospital experienced a cyber-attack in which an unauthorized party compromised the hospital's computer network and information systems.

After discovering the incident, the hospital commenced an investigation to determine the full extent of unauthorized activity within its computer network, as well as to determine the contents of any affected files.

The types of information exposed included both PHI and PII including names, addresses, phone numbers, email addresses, Social Security numbers, dates of birth, medical record numbers, account numbers, health plan beneficiary numbers and possible full face photograph images.

Nacogdoches Memorial Hospital's response to the breach

Nacogdoches Memorial Hospital sent written notification letters via first-class mail to potentially affected patients. The letters included information about the incident and steps individuals can take to protect their personal information, including guidance on placing fraud alerts and security freezes with the three major credit bureaus, obtaining free credit reports, setting up an IRS Identity Protection PIN and understanding rights under the Fair Credit Reporting Act.

The hospital has established a dedicated toll-free number at 888-460-3229, available Monday through Friday from 8 a.m. to 5 p.m., for patients with questions about the incident.

Patients can also contact the hospital by email at nchdhipaa@nachd.org.

Steps to take if your information was exposed

• Place a fraud alert or security freeze on credit reports by contacting Equifax (1-800-349-9960), Experian (1-888-397-3742) or TransUnion (1-888-909-8872).
• Request free credit reports at AnnualCreditReport.com or by calling 1-877-322-8228 and review them carefully for any unfamiliar accounts or suspicious activity.
• Set up an IRS Identity Protection PIN through the IRS online Get an IP PIN tool to prevent someone from filing a fraudulent tax return using a stolen Social Security number.
• Monitor health insurance statements for any medical services, prescriptions or claims that were not received or authorized, as exposed medical information could be used for medical identity theft.
• Be cautious of phishing attempts that reference Nacogdoches Memorial Hospital or this data breach by name, as scammers often exploit breach notifications to trick people into sharing more personal information.